similar to: Bug#1029830: xen: CVE-2022-42330

Source: xen Version: 4.17.0+46-gaaf74a532c-1 Severity: grave Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2022-42331[0]: | x86: speculative vulnerability in 32bit SYSCALL path Due to an | oversight in the very original Spectre/Meltdown security work | (XSA-254),

Source: xen Version: 4.17.0+24-g2f8851c37f-2 Severity: grave Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerability was published for xen, filling with RC severity (for ideally fixed before bookworm release): CVE-2022-27672[0]: | When SMT is enabled, certain AMD processors may speculatively execute |

Source: xen Version: 4.17.2+55-g0b56bed864-1 Severity: important Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2023-46835[0]: | x86/AMD: mismatch in IOMMU quarantine page table levels CVE-2023-46836[1]: | x86: BTC/SRSO fixes not fully effective If you fix the

Hi When building with GCC 10, gcc is stricter in handling handling of symbol clashes. Fedora, has fixed this with a patch from Dominik Mierzejewski: https://src.fedoraproject.org/rpms/tftp/c/5e2aa55b6802a52ef480d688b3ae4751220f20e0.patch Attaching the corresponding patch for git am. Regards, Salvatore >From 9e7641bf58df9dda3bc51f381f371fa7cbce47af Mon Sep 17 00:00:00 2001 From: Salvatore

Hi When building with GCC 10, gcc is stricter in handling handling of symbol clashes. Fedora, has fixed this with a patch from Dominik Mierzejewski: https://src.fedoraproject.org/rpms/tftp/c/5e2aa55b6802a52ef480d688b3ae4751220f20e0.patch Attaching the corresponding patch for git am. I'm sending the patch which was submitted a while ago to the list. Is there something you wanted to be

Source: xen Version: 4.8.1~pre.2017.01.23-1 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for xen. CVE-2017-7228[0]: | An issue (known as XSA-212) was discovered in Xen, with fixes available | for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix | introduced an insufficient check on XENMEM_exchange input,

Mapping stable-security to proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 19 Apr 2016 20:42:09 +0200 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture:

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 19 Apr 2016 20:42:09 +0200 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture: all source Version: 4.4.1-9+deb8u5

Mapping stable-security to proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 31 Oct 2015 06:53:56 +0100 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture:

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 31 Oct 2015 06:53:56 +0100 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture: all source Version: 4.4.1-9+deb8u2

On Sun, Nov 15, 2020 at 6:43 PM Salvatore Bonaccorso <carnil at debian.org> wrote: > > Hi, > > On Fri, Aug 28, 2020 at 11:28:46AM +0200, Frantisek Hrbata wrote: > > Unprivileged user can crash kernel by using DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC > > ioctl. This was reported by trinity[1] fuzzer. > > > > [ 71.073906] nouveau 0000:01:00.0: crashme[1329]:

Source: xen Version: 4.4.1-9 Severity: normal Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for xen. CVE-2015-6654[0]: | The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, | 4.4.x, and earlier does not limit the number of printk console | messages when reporting a failure to retrieve a reference on a foreign | page, which allows

Mapping oldstable-security to oldstable-proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 31 Oct 2015 07:08:27 +0100 Source: xen Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64 xen-hypervisor-4.1-i386 xen-system-i386

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 31 Oct 2015 07:08:27 +0100 Source: xen Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64 xen-hypervisor-4.1-i386 xen-system-i386 Architecture: source all amd64 Version: 4.1.4-3+deb7u9

Source: xen Version: 4.4.1-9 Severity: normal Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for xen. CVE-2015-3340[0]: | Xen 4.2.x through 4.5.x does not initialize certain fields, which | allows certain remote service domains to obtain sensitive information | from memory via a (1) XEN_DOMCTL_gettscinfo or (2) | XEN_SYSCTL_getdomaininfolist request.

Source: xen Version: 4.3.0-1 Severity: serious Justification: FTBFS Hi New uploaded xen 4.3.0-1 FTBFS, see [1] for build log for i386. [1] https://buildd.debian.org/status/fetch.php?pkg=xen&arch=i386&ver=4.3.0-1&stamp=1378426577 Regards, Salvatore

Processing commands for control at bugs.debian.org: > forcemerge 681293 711923 Bug #681293 [apt-listchanges] apt-listchanges should try to get the changelog from control.tar first Unable to merge bugs because: package of #711923 is 'xen-utils-common' not 'apt-listchanges' Failed to forcibly merge 681293: Did not alter merged bugs

Processing commands for control at bugs.debian.org: > forcemerge 711273 711923 Bug #711273 [xen-hypervisor-4.2-amd64] xen-hypervisor-4.2-amd64: Acn't re-create domains after migration from 4.1 to 4.2 Unable to merge bugs because: package of #711923 is 'xen-utils-common' not 'xen-hypervisor-4.2-amd64' Failed to forcibly merge 711273: Did not alter merged bugs

Processing commands for control at bugs.debian.org: > merge 691734 709103 Bug #691734 [xen-utils-common] xen-utils-common should install successfully even if xen cannot be started Unable to merge bugs because: severity of #709103 is 'normal' not 'important' Failed to merge 691734: Did not alter merged bugs Debbugs::Control::set_merged('transcript',

Processing commands for control at bugs.debian.org: > forcemerge 711923 711273 Bug #711923 [xen-utils-common] xen-utils-common: After run 'xm create ...' i got error "Error: 'NoneType' object has no attribute 'rfind' Unable to merge bugs because: package of #711273 is 'xen-hypervisor-4.2-amd64' not 'xen-utils-common' Failed to forcibly merge 711923: